SUSE-SU-2017:2168-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 15 Aug 2017, 12:27
Last modified:04 Feb 2026, 03:04

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

15 Aug 2017, 12:27
Published
Vulnerability first disclosed
04 Feb 2026, 03:04
Last Modified
Vulnerability information updated

Description

Security update for nodejs4, nodejs6 This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0 - New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 - New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0

Affected Systems

  • susenodejs-common&distro=SUSE Enterprise Storage 4

    < 1.0-2.1

  • susenodejs-common&distro=SUSE Linux Enterprise Module for Web and Scripting 12

    < 1.0-2.1

  • susenodejs-common&distro=SUSE OpenStack Cloud 7

    < 1.0-2.1

  • susenodejs4&distro=SUSE Enterprise Storage 4

    < 4.8.4-15.5.1

  • susenodejs4&distro=SUSE Linux Enterprise Module for Web and Scripting 12

    < 4.8.4-15.5.1

  • susenodejs6&distro=SUSE Enterprise Storage 4

    < 6.11.1-11.5.1

  • susenodejs6&distro=SUSE Linux Enterprise Module for Web and Scripting 12

    < 6.11.1-11.5.1

  • susenodejs6&distro=SUSE OpenStack Cloud 7

    < 6.11.1-11.5.1

References (7)